如何为本地网络上的独立Datasnap Rest Server创建/安装SSL证书 [英] How can I create/install a SSL Cert for a standalone Datasnap Rest Server on local network
问题描述
我不熟悉SSL和证书采购,这是我尝试使用https / ssl制作的第一台datasnap服务器。
I am new to SSL and Certificate procurement and this is the first datasnap server I have tried to make using https/ssl.
我有一个独立的Datasnap服务器(XE4),并且我想创建或获取可以与之配合使用的SSL,以便对其余通信进行加密。
I have a stand alone Datasnap server (XE4) and I want to create or obtain a SSL that I can use with it so that my rest communications are encrypted.
- 如何获取合适的SSL?
- 我可以购买吗?
- 最终我想使用端口转发将其余查询从Internet传递到我的本地托管服务器。
谢谢,
Mark
Thanks, Mark
推荐答案
请先从GoDaddy或RapidSSL之类的提供商处购买SSL证书。购买时,请指定证书将代表的域名。显然,您可以通过为您的域配置DNS条目来将域名指向您想要的任何IP地址。我从未配置过证书来指向实际的IP地址,但我想这是可能的。如果您希望服务器接受来自Internet的请求,我将使用域名,以便您可以根据需要更改IP地址。
First purchase an SSL certificate from a provider such as GoDaddy or RapidSSL. When purchasing you specify the domain name that the certificate will represent. Obviously you can point the domain name to any IP address you wish by configuring the DNS entries for your domain. I've never configured a certificate to point to an actual IP address but I guess it's possible. Given you want to have your server accept requests from the internet, I would use a domain name so that you can change the IP address if required.
购买SSL证书时,您将需要提供在服务器计算机上生成的证书签名请求(CSR),并指定要用于SSL证书的域名。您可以使用DigiCert实用程序( www.digicert.com/util 之类的实用程序来创建CSR
When purchasing your SSL certificate, you will need to provide a Certificate Signing Request (CSR) which you generate on your server computer, specifying the domain name you want to use the SSL certificate for. You can use a utility such as the DigiCert util (www.digicert.com/util) to create your CSR.
一旦您购买了SSL证书,提供商将提示您下载中间证书文件(或从电子邮件中复制文本,因为它是纯文本文件)。 。该文件特定于您选择的域名。您还需要从SSL提供程序下载根证书,该证书专用于SSL提供程序,而不是您的域名。您需要的第三个文件是私钥文件。您需要再次使用DigiCert实用程序来生成它。为此,您可以将中间证书导入实用程序,然后单击导出以创建私钥-选择密钥格式。
Once you have purchased your SSL certificate the provider will prompt you to download your intermediate certificate file (or just copy the text from an email since it's a plain text file). This file is specific to your selected domain name. You will also need to download the root certificate from the SSL provider, this is specific to the SSL provider but not to your domain name. The third file you need is a private key file. You need to generate this, again using the DigiCert utility. You do this by importing the intermediate certificate into the utility, then clicking 'Export' to create a private key - choose the 'key' format.
现在您拥有3例如文件(文件名可以是您想要的任何文件):
Now you have your 3 files, for example (file names can be anything you want) :
intermediatecert.crt
rootcert.crt
私钥.key
intermediatecert.crt
rootcert.crt
privatekey.key
对于Delphi DataSnap,您需要使用TDSCertFiles组件,并使用'CertFiles'属性将其链接到TDSHTTPService组件。在TDSCertFiles组件中,设置以下属性:
For Delphi DataSnap, you need to use a TDSCertFiles component, and link this to your TDSHTTPService component using the 'CertFiles' property. In your TDSCertFiles component, set the following properties :
CertFile:中间证书文件的路径,例如C:\SSL\intermediatecert.crt
KeyFile:私钥文件的路径,例如C:\SSL\privatekey.key
RootCertFile:提供商根证书文件的路径,例如C:\SSL\rootcert.crt
CertFile : path to your intermediate certificate file e.g. C:\SSL\intermediatecert.crt
KeyFile : path to your private key file e.g. C:\SSL\privatekey.key
RootCertFile : path to your provider's root certificate file e.g. C:\SSL\rootcert.crt
我不了解XE4,但是在XE2中,TDSCertFiles组件存在一个错误,这意味着需要设置上面的3运行时属性无效-仅使用设计时设置的值-参见: http://qc.embarcadero.com/wc/qcmain.aspx?d=107516
I don't know about XE4, but in XE2 there is a bug with the TDSCertFiles component which means setting the above 3 properties at runtime has no effect - it only ever uses the values set at design-time - see this : http://qc.embarcadero.com/wc/qcmain.aspx?d=107516
最后,因为DataSnap使用Indy和Indy工具使用OpenSSL的SSL,您需要将OpenSSL库文件与DataSnap服务器EXE放在同一文件夹中,或者至少在服务器的PATH上。您需要的2个文件是libeay32.dll和ssleay32.dll,您可以在这里下载它们: http://indy.fulgan.com/SSL/openssl-1.0.1e-i386-win32.zip
Finally, because DataSnap uses Indy and Indy implements SSL using OpenSSL, you need to have the OpenSSL library files either in the same folder as your DataSnap server EXE, or at least on the server's PATH. The 2 files you need are libeay32.dll and ssleay32.dll, and you can download them here : http://indy.fulgan.com/SSL/openssl-1.0.1e-i386-win32.zip
希望帮助。
这篇关于如何为本地网络上的独立Datasnap Rest Server创建/安装SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
